Mimblewimble is a protocol that was put forward by an anonymous user in a Bitcoin developers' chatroom under the name Tom Elvis Jedusor (the French name of the fictional Harry Potter character Voldemort). Mimblewimble itself is the name of a tongue-tying spell in Harry Potter. Jedusor left a link to a whitepaper in which he outlines how the Mimblewimble protocol could significantly enhance both the scalability and the privacy of the Bitcoin network.

What is Mimblewimble

In order to understand the Mimblewimble protocol, the manner in which Mimblewimble transactions are conducted must first be understood.

Mimblewimble transactions are derived from another transaction type known as confidential transactions. Developed by Bitcoin developer Gregory Maxwell, confidential transactions allow senders to hide the number of Bitcoins they want to send using what are known as blinding factors. Blinding factors are simply secret numbers used to conceal the Bitcoin amounts in a transaction. In a confidential transaction, only the two parties involved know the amount of Bitcoins being transacted; onlookers cannot. However, onlookers can still verify that the transaction is valid by comparing the total of the inputs with the total of the outputs; if both are the same, then the transaction is valid. This check ensures that no Bitcoins have been created from nothing and is key to preserving the integrity of the system.

Mimblewimble transactions function in a similar way, except that it is the receiver of the Bitcoins who generates the blinding factor. This blinding factor then serves as the receiver's proof of ownership, permitting them to spend the Bitcoins.

In addition, Mimblewimble transactions leverage another cryptographic innovation known as CoinJoin. Also proposed by Gregory Maxwell, CoinJoin is a mechanism by which transactions are simply combined, which obscures which inputs paid which outputs. This makes it impossible for anyone to determine which Bitcoins were sent from any of the participating Bitcoin addresses. Therefore, in Mimblewimble, once transactions are combined, a block simply consists of: a list of inputs, a list of outputs, and signature data. This offers significant space savings in blocks because other transaction data no longer needs to be stored, only inputs and outputs. By subtracting the total inputs from the total outputs and ensuring that the result is zero, a blockchain built from such a system can be shown to be valid. This is in contrast to how transactions, and therefore the blockchain, are proved valid in Bitcoin, where the whole blockchain must be downloaded and the history of a transaction output analysed in order to ensure its validity.

The space savings as well as the privacy offered by the Mimblewimble protocol are clear. By pruning the blockchain of unnecessary transaction data, scalability becomes less of an issue because more transactions can be included in a single block. Due to the obfuscation of inputs and outputs, as well as the elimination of public addresses in Mimblewimble transactions, true anonymity, as opposed to pseudonymity, is achieved.

Implementation of Mimblewimble

In the same way that Bitcoin is a protocol and Bitcoin Core is an implementation of it, Mimblewimble is a protocol, with the Grin project being an implementation. Grin is a project with its own blockchain and its own cryptocurrency. Its founder is unknown and currently operates under the pseudonym Ignotus Peverell (another fictional character from the Harry Potter series). Grin is paving the way in the implementation of the Mimblewimble protocol, and it is hoped that the lessons learned can be applied to Bitcoin. Currently, Mimblewimble can only be integrated into the Bitcoin network as a soft fork, or as a sidechain. On this sidechain, users would be able to move Bitcoins onto it and transact with an increased level of privacy.

Conclusion

To conclude, through the use of cryptographic innovations such as confidential transactions and CoinJoin, Mimblewimble offers a strong scaling solution, as well as increased privacy, for the Bitcoin protocol. Further testing is still underway to ensure the validity of the technology, but along with other cryptographic developments such as Schnorr signatures, the issues of scalability and privacy may be becoming less of a problem for Bitcoin.
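The balance rule described above (amounts hidden behind blinding factors, inputs minus outputs must equal zero, and the blinding factors being the only proof of ownership) worked through as an added toy example; this is not code from the post, from Grin or from any Mimblewimble implementation, and the group parameters, amounts, blinding factors and nonce are constructed and far too small to be secure.

```python
import hashlib

# Toy Pedersen commitments in the prime-order subgroup of Z_P^* (constructed, insecure
# parameters; a real implementation uses an elliptic curve such as secp256k1).
P = 2039          # safe prime, P = 2*Q + 1
Q = 1019          # prime order of the quadratic-residue subgroup
G = pow(2, 2, P)  # generator carrying the amount
H = pow(3, 2, P)  # generator carrying the blinding factor (log_G(H) must be unknown)

def commit(amount, blind):
    """C = G^amount * H^blind mod P: hides the amount but binds the committer to it."""
    return pow(G, amount, P) * pow(H, blind, P) % P

def excess(inputs, outputs):
    """prod(outputs)/prod(inputs): equals H^(sum r_out - sum r_in) iff amounts balance."""
    num = den = 1
    for c in outputs:
        num = num * c % P
    for c in inputs:
        den = den * c % P
    return num * pow(den, -1, P) % P

def challenge(R, E):
    return int.from_bytes(hashlib.sha256(f"{R}|{E}".encode()).digest(), "big") % Q

def sign_kernel(excess_blind, nonce):
    """Schnorr proof of knowing x with H^x == E: the 'signature data' a block keeps.
    Only the parties who chose the blinding factors can compute x."""
    R, E = pow(H, nonce, P), pow(H, excess_blind, P)
    return E, R, (nonce + challenge(R, E) * excess_blind) % Q

def verify(inputs, outputs, kernel):
    """Validator check using commitments only: no amounts, no blinding factors."""
    E, R, s = kernel
    if excess(inputs, outputs) != E:      # inflation leaves a stray G factor here
        return False
    return pow(H, s, P) == R * pow(E, challenge(R, E), P) % P

def example():
    # Constructed scenario: Alice spends a 5-coin output (blind 17), paying Bob 3 coins.
    # Bob picks his own blind (42); knowing it is what lets him spend that output later.
    alice_in = commit(5, 17)
    bob_out, change = commit(3, 42), commit(2, 9)
    x = (42 + 9 - 17) % Q                 # excess blinding factor, known only to the parties
    kernel = sign_kernel(x, nonce=77)
    ok = verify([alice_in], [bob_out, change], kernel)
    # Creating coins (3 + 3 out of 5 in) is rejected even though amounts stay hidden.
    bad = verify([alice_in], [bob_out, commit(3, 9)], kernel)
    return ok, bad
```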

Earlier I posted about Mimblewimble, a method to use several cryptographic innovations to offer a strong scaling solution and increased privacy for the Bitcoin protocol. And one of the aforementioned innovations is CoinJoin.

As we all know today, Bitcoin right now is not fully anonymous.
Several initiatives have been in the works in the hope of solving this issue and increasing the privacy and overall security of using the Bitcoin network. One of these is CoinJoin.

CoinJoin is a trustless method for combining multiple Bitcoin payments from multiple spenders into a single transaction to make it more difficult for outside parties to determine which spender paid which recipient or recipients. Unlike many other privacy solutions, CoinJoin transactions do not require a modification to the bitcoin protocol.

(This can be compared to a group of people who throw their cash together and go shopping. While everyone could make sure no one spends more than they should, the shoppers wouldn't necessarily spend the exact bills they originally put into the shared wallet themselves.)

There are a few implementations of CoinJoin (both centralized and decentralized) in use today, but until it gains more widespread use, it's not that useful. After all, a CoinJoin needs people to "join".

But an interesting development on the horizon might skew these incentives: Schnorr signatures. Enabled by Segregated Witness, Schnorr signatures could allow for the aggregation of all signatures in a CoinJoin transaction into a single signature. This efficiency should result in lower transaction fees per input, and perhaps stimulate use of the most private and fungibility-friendly solution.

Bitcoin right now is not really anonymous. While Bitcoin addresses aren't necessarily linked to real-world identities, they can be. Monitoring the unencrypted peer-to-peer network, analysis of the public blockchain, and Know Your Customer (KYC) policy or Anti-Money Laundering (AML) regulation can reveal a lot about who's using Bitcoin, and for what.

This is not great from a privacy perspective. Bitcoin users might not necessarily want the world to know where they spend their money, what they earn or how much they own, while businesses may not want to leak transaction details to competitors – to name some examples.

Additionally, bitcoins being traceable, possibly "tainted," and potentially worth less than other bitcoins is at odds with fungibility. This could even challenge Bitcoin's value proposition as money.

But there are potential solutions to increase privacy and improve fungibility. A solution that has been around for a while is CoinJoin.

Background

At its heart, the Bitcoin protocol consists of transactions. All these transactions are completely public on the blockchain, which means that anyone can see which addresses sent bitcoins to which addresses. If some of these addresses are linked to real-world identities, it can reveal who transacted with whom, or what for. This is at odds with privacy and – in particular – fungibility.

Additionally, each transaction spends one or several "inputs," referring to the addresses bitcoins are sent from. (These inputs are spent to "outputs," referring to the addresses bitcoins are sent to.) This poses another challenge to privacy and fungibility, since all input addresses would typically belong to the same user: the sender of the transaction. If even one of the clustered input addresses can be linked to a real-world identity, all of them are.

CoinJoin – proposed in 2013 by Bitcoin Core and Blockstream developer Gregory Maxwell – is designed to solve both these problems. It obfuscates the trail of bitcoins and breaks the assumption that all input addresses belong to the same user.

The Idea

The CoinJoin concept is fairly straightforward. Essentially, CoinJoin lets multiple users combine all inputs and outputs from several transactions into a single, big transaction. This single transaction spends bitcoins from different addresses to different addresses – and since no sending address pays any particular receiving address, there's no link between any of them.

(This can be compared to a group of people who throw their cash together and go shopping. While everyone could make sure no one spends more than they should, the shoppers wouldn't necessarily spend the exact bills they originally put into the shared wallet themselves.)

In Bitcoin, this can be accomplished perfectly securely. All inputs require a corresponding signature from their respective owner, while the content of a transaction cannot be changed after a signature is added. As such, participants in a CoinJoin transaction simply announce which inputs and outputs they want to include in the transaction, and sign the aggregate only if these inputs and outputs are correctly included. Once all participants have signed (and only once they have all signed), the transaction is broadcast.

A key feature of CoinJoin: once the transaction is broadcast and included on the blockchain, there is no way of knowing which bitcoins went where; not even the recipients of the transaction will know from which addresses they got paid.

Additionally, CoinJoin improves privacy even for those who don't use it at all. Since a combination of inputs no longer necessarily means that all of the input addresses belong to the same user, clustering has become a less powerful analytics tool in general.

In Practice

CoinJoin does not require any changes to the Bitcoin protocol, and there are several implementations of it already. The main difference between some of the versions out there is how the CoinJoin transaction is created.

The easiest way to create a CoinJoin transaction is through a dedicated server. Anyone who wants to use CoinJoin would simply connect to the server to indicate which inputs and outputs the transaction should include. The server then creates a big aggregate transaction, and sends this back for all participants to sign. DarkWallet – the privacy-focused Bitcoin wallet that seems stuck in its alpha phase – employs a server-based model, as does the popular Blockchain web wallet, though its effectiveness has been questioned in the past.

The main problem with the server-based model is that whoever controls the server would typically have access to the data provided by the individual participants. As such, this server presents a single point of failure from a privacy and fungibility perspective. There are potential solutions to cryptographically mask transaction data even from the server, but this is still theoretical for now.

There are also decentralized CoinJoin solutions that construct CoinJoin transactions peer-to-peer, or at least without any particular central intermediary. There have been several attempts in this direction, including Coinmux, Coinjumble, CoinJoiner and former DarkWallet developer Amir Taaki's CoinJoin tool. But none of these are widely used, and therefore not very useful – "coinjoining" makes sense only when there's someone to join with.

A more recent take on the CoinJoin strategy that intends to tackle this problem is JoinMarket: a marketplace for CoinJoin transactions. Users can offer a spot in a CoinJoin transaction in return for a small fee – or buy access to a CoinJoin transaction themselves. The creators of JoinMarket believe that the incentive to mix coins in return for fees should generate enough liquidity to make the market a success – while the competitive nature of it should keep fees low. Indeed, JoinMarket is relatively well used compared to alternatives, and the order book (at the time of writing) offers thousands of bitcoins to mix with.

Lastly, another privacy-focused wallet, Samourai Wallet, currently includes a type of CoinJoin imitation, designed to throw off whoever is analyzing blockchain data. This option makes transactions appear like CoinJoin transactions, while in reality all inputs and outputs belong to the same user. (Samourai Wallet plans to expand built-in and cross-wallet mixing options later this year, which might also utilize CoinJoin functionality.)

Downsides and Trade-Offs

While CoinJoin can be useful – it's not perfect.

Most importantly, while CoinJoin does a great job of mixing inputs and outputs, this is not sufficient if the amounts are revealing. If one input sends 4.9 bitcoins, another input sends 2.7 bitcoins and a third input sends 0.8 bitcoins, while one output receives 4.9 bitcoins, one receives 2.7 bitcoins and a third receives 0.8 bitcoins, then it's simple to connect inputs to outputs.

A potential solution to this problem, of course, is Confidential Transactions. Since Confidential Transactions mask the amounts sent (but not the inputs and outputs), CoinJoin and Confidential Transactions are a potentially powerful combination.

Another risk is that of Sybil attacks. Seemingly multiple participants in a CoinJoin transaction can really be one and the same entity, monitoring a particular participant. (If nine of ten inputs and outputs belong to a single NSA agent sending bitcoins to himself, he would know which remaining input sent bitcoins to which remaining output.) There is no easy solution for the problem of Sybil attacks, but as more genuine users mix their coins, it does become significantly harder to pull off successfully.

Which brings us to the next point: CoinJoin is still a hassle. Almost no wallets have it built in, and those that do aren't used a lot (and rely on a central server). JoinMarket is probably the most successful implementation to date, but still requires special software and additional fees (though small).

But an interesting development on the horizon might skew these incentives: Schnorr signatures. Enabled by Segregated Witness, Schnorr signatures could allow for the aggregation of all signatures in a CoinJoin transaction into a single signature. This efficiency should result in lower transaction fees per input, and perhaps stimulate use of the most private and fungibility-friendly solution.
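A way to check, before joining, whether a proposed CoinJoin would leak the input-to-output mapping through its amounts, as in the 4.9/2.7/0.8 case in the "Downsides and Trade-Offs" section: this is an added example, not code from the article or from any wallet, and it uses the article's simplified model in which each input pays exactly one output of the same amount and fees are ignored; all amounts are constructed.

```python
from itertools import permutations

SATOSHI = 100_000_000

def coins(btc):
    """Exact integer satoshis; float sums such as 4.9 + 2.7 + 0.8 are not exact."""
    return round(btc * SATOSHI)

def consistent_pairings(inputs, outputs):
    """All input->output assignments the amounts allow (toy model: each input pays
    exactly one output of the same amount, fees ignored)."""
    if len(inputs) != len(outputs):
        raise ValueError("toy model needs one output per input")
    return [perm for perm in permutations(range(len(outputs)))
            if all(inputs[i] == outputs[j] for i, j in enumerate(perm))]

def anonymity_report(inputs, outputs):
    """One consistent pairing means an observer can link every input to its output;
    an input whose partner is the same in every pairing is linked regardless."""
    pairings = consistent_pairings(inputs, outputs)
    linked = [i for i in range(len(inputs)) if len({p[i] for p in pairings}) == 1]
    return {"pairings": len(pairings), "linked_inputs": linked}

# Constructed cases: the article's revealing amounts, then equal denominations,
# then a mix in which only the odd-sized input stays linkable.
REVEALING = anonymity_report([coins(4.9), coins(2.7), coins(0.8)],
                             [coins(4.9), coins(2.7), coins(0.8)])
UNIFORM = anonymity_report([coins(1.0)] * 3, [coins(1.0)] * 3)
PARTIAL = anonymity_report([coins(1.0), coins(1.0), coins(0.5)],
                           [coins(0.5), coins(1.0), coins(1.0)])
```

Equal-denomination outputs are what makes the count grow: with three identical amounts there are six consistent pairings, so no input is linkable by amount alone.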